I THAT WHICH IS CLAIMED: 

\ 

1 . A method for determining a point of loss for data records to be 
communicated between a source and a destination on a communication network, the 

\ 

method comprising the steps of: 

determining a topology\of the communication network between the source and 
the destination, the topology including a plurality of connecting nodes; 

monitoring a number of data records from the source directed to the 
destination passing between ones\of the connecting nodes during a determined period 
of time; and 

identifying at least one of tfae connecting nodes as the point of loss based on 
the monitored number of data records and the determined topology. 



2. The method of Claim U wherein a plurality of network appliances 
configured to obtain a number of datalrecords passing between a pair of connecting 
nodes during a time period are positioned between respective ones of the connecting 
nodes, and wherein the monitoring steplfurther comprises the steps of: 

identifying at least one of the netWork appliances on the topology; and 
obtaining the number of data records from the source directed to the 

destination obtained by the identified at le^st one network appliance during the 

determined period of time. 

3. The method of Claim 2 wherem the steps of identifying at least one of 
the network appliances on the topology and obtaining the number of data records from 
the source directed to the destination obtained tw the identified at least one network 
appliance during the determined period of time nirther comprise the steps of: 

identifying at least one first hop one of the network appliances which is 
coupled to the source over the communication network; 

identifying at least one next hop one of the network appliances which is 
coupled between the at least one first hop one of the\network appliances and the 
destination; 
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obtaining a number of data records from the source directed to the destination 
obtained by the at leasV one first hop one of the network appliances and the at least 
one next hop one of the network appliances during the determined time period; and 
wherein the step oiudentifying at least one of the connecting nodes as the 
5 point of loss further comprises the steps of: 

comparing the number of data records from the source directed to the 
destination obtained by one onthe at least one first hop one of the network appliances 
with the number of data records from the source directed to the destination obtained 
by ones of the at least one next nop one of the network appliances coupled between 
1 0 the one of the at least one first hop one of the network appliances and the destination; 
and 

identifying a connecting ndde positioned between the at least one first hop one 
of the network appliances and the ones of the at least one next hop one of the network 
appliances as the point of loss for data records if the number of data records from the 
1 5 source directed to the destination obtained by one of the at least one first hop one of 
the network appliances differs by a threshold amount from the number of data records 
from the source directed to the destination obtained by ones of the at least one next 
hop one of the network appliances coupled between the one of the at least one first 
hop one of the network appliances and thp destination. 

20 

4. The method of Claim 3 wheVein the at least one first hop one of the 
network appliances is coupled to the source without intervening ones of the network 
appliances being coupled between the sourceWd the first hop one of the network 
appliances and wherein the at least one next hap one of the network appliances is 
25 coupled between the at least one first hop one o¥the network appliances and the 

destination without intervening ones of the network appliances being coupled between 
the at least one first hop one of the network appliances and the at least one next hop 
one of the network appliances. 



30 5. The method of Claim 3 wherein the step of comparing the number of 

data records from the source directed to the destination\pbtained by one of the at least 

30 




one first hop one of the netwo\k appliances with the number of data records from the 
source directed to the destination obtained by ones of the at least one next hop one of 
the network appliances coupled between the one of the at least one first hop one of the 
network appliances and the destination further comprises the step of comparing a 
5 number of data records from the source directed to the destination obtained by an 

upstream one of the network appliances with a number of data records from the source 
directed to the destination obtained by at least one downstream one of the network 
appliances coupled between the upstceam one of the network appliances and the 
destination at an adjacent downstream position for successive ones of the network 
10 appliances until at least one of the destination is reached or at least one of the 

connecting nodes is identified as the point of loss for data records and wherein the 
step of identifying a connecting node positioned between the at least one first hop one 
of the network appliances and the ones of the at least one next hop one of the network 
appliances as the point of loss for data records comprises the step of identifying a 
1 5 connecting node positioned between the upstream one of the network appliances and 
corresponding downstream ones of the network appliances as the point of loss for data 
records if the number of data records fromtthe source directed to the destination 
obtained by the upstream one of the network appliances differs by a threshold amount 
from the number of data records from the source directed to the destination obtained 
20 by the corresponding downstream ones of thanetwork appliances. 

6. The method of Claim 5 whereinVthe step of comparing a number of 
data records from the source directed to the destination obtained by an upstream one 
of the network appliances with a number of data records from the source directed to 

25 the destination obtained by at least one downstream one of the network appliances 

coupled between the upstream one of the network Appliances and the destination at an 
adjacent downstream position is repeated for successive ones of the network 
appliances on the topology until the destination is reached and wherein the step of 
identifying at least one of the connecting nodes as thdpoint of loss further comprises 

30 the step of identifying all connecting nodes positionedlbetween upstream ones of the 
network appliances and corresponding downstream ones of the network appliances as 
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points of loss for data records itf the number of data records from the source directed 

to the destination obtained by respective upstream ones of the network appliances 

differs by a threshold amount from the number of data records from the source 

\ 

directed to the destination obtained by corresponding downstream ones of the network 
appliances. 



7. The method of Claim 3 further comprising the step of adjusting 
obtained numbers of data records from the source directed to the destination to 
compensate for in transit introduced changes to data records before comparing the 

10 number of data records from the soiree directed to the destination obtained by one of 
the at least one first hop one of the network appliances with the number of data 
records from the source directed to the destination obtained by ones of the at least one 
next hop one of the network appliances coupled between the one of the at least one 
first hop one of the network appliance^and the destination. 

15 

8. The method of Claim 7 v^herein the step of adjusting obtained numbers 
of data records comprises the step of adjusting obtained numbers of data records from 
the source directed to the destination to compensate for encryption related changes in 
data records introduced by a connecting noffle coupled between the a first hop one and 

20 at least one next hop one of the network appliances. 

9. The method of Claim 3 further comprising the step of defining the 
determined period of time for the at least one first hop one of the network appliances 
and the at least next hop one of the network appliances based on a delay between the 

25 at least one first hop one of the network appliances and the at least next hop one of the 
network appliances. 

10. The method of Claim 9 wherein the s^ep of defining the determined 
time period further comprises the step of defining the determined period of time for 

30 the at least one first hop one of the network appliances and the at least next hop one of 
the network appliances based on an average delay between the at least one first hop 
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one of the network appliances and the at least next hop one of the network appliances 
determined over an averaging, window. 

1 1 . The method of Craim 3 further comprising the step of defining the 
threshold amount based on an expected timing related variability between numbers of 
data records obtained by ones of the network appliances. 

12. The method of ClainAl 1 wherein the step of defining the threshold 
amount further comprises the step of defining the threshold amount based on a 
percentage of data record throughput f©r respective ones of the network appliances. 

13. The method of Claim 3 wherein the connecting nodes are routing 
devices selected from the group consisting of routers, bridges and switches. 

14. The method of Claim 3 wherein a network appliance is positioned 
between each defined connecting node in tne topology and all other adjacent defined 
connecting nodes in the topology. \ 

15. The method of Claim 14 wherein at least one of the defined connecting 
nodes comprises a plurality of routing devices! 

16. A system for determining a pointtof loss for data records to be 
communicated between a source and a destination on a communication network, the 
system comprising: \ 

a memory including a topology of the communication network between the 
source and the destination, the topology including a plurality of connecting nodes; 

a receiver that receives from a plurality of network appliances at determined 
locations on the communication network a number of data records from the source 
directed to the destination passing between ones of the qpnnecting nodes during a 
determined period of time; and \ 

a comparison circuit that identifies at least one of the connecting nodes as the 
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point of loss based omthe received number of data records, the locations of the 
network appliances and the topology. 

17. The system of Claim 16 further comprising the plurality of network 
appliances wherein pairs of\he connecting nodes define segments of the topology 
between the source and the destination and wherein at least one of the network 
appliances is coupled between each of the pairs of the connecting nodes. 

18. The system of Claim 17 wherein at least one of the network appliances 
further comprises: 

a timer; 

a filter that identifies ones\of a plurality of data records detected by the at least 
one of the network appliances that\are being transmitted from the source to the 
destination on the communications Wtwork; 

a counter that counts filteredWe of the plurality of data records, the counter 
being configured to be reset responsive to the timer; and 

a transmitter that transmits coimts from the counter to the receiver. 

19. The system of Claim 17 wherein the filter is configured to identify 
ones of the plurality of data records based\on the source Internet Protocol (IP) address 
and destination IP address of a data packet Containing data records detected by the at 
least one of the network appliances. 

20. A system for determining a poiiit of loss for data records to be 
communicated between a source and a destination on a communication network, the 
system comprising: 

means for determining a topology of the communication network between the 
source and the destination, the topology including a plurality of connecting nodes; 

means for monitoring a number of data recoros from the source directed to the 
destination passing between ones of the connecting nqdes during a determined period 
of time; and 
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means for identifying at least one of the connecting nodes as the point of loss 
based on the monitored numoer of data records and the determined topology. 

21. The system of Claim 1 further comprising: 
5 a plurality of network appliances configured to obtain a number of data 

records passing between a pair ofconnecting nodes during a time period, ones of the 
network appliances being positioned between respective ones of the connecting nodes; 

wherein the means for monkoring further comprises: 

means for identifying at leasx one of the network appliances on the topology; 
10 and \ 

means for obtaining the number of data records from the source directed to the 
destination obtained by the identified at least one network appliance during the 
determined period of time. \ 

15 22. The system of Claim 21 wherein the means for identifying at least one 

of the network appliances on the topology\and the means for obtaining the number of 
data records from the source directed to the\destination obtained by the identified at 
least one network appliance during the detemiined period of time further comprise: 
means for identifying at least one first hop one of the network appliances 
20 which is coupled to the source over the communication network; 

means for identifying at least one next nop one of the network appliances 
which is coupled between the at least one first h©p one of the network appliances and 
the destination; \ 

means for obtaining a number of data records from the source directed to the 
25 destination obtained by the at least one first hop one of the network appliances and the 
at least one next hop one of the network appliances (during the determined time period; 
and \ 

wherein the means for identifying at least one of the connecting nodes as the 
point of loss further comprises: \ 
30 means for comparing the number of data records from the source directed to 

the destination obtained by one of the at least one first hdn one of the network 
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appliances with the number data records from the source directed to the destination 
obtained by ones of the at leas^one next hop one of the network appliances coupled 
between the one of the at least One first hop one of the network appliances and the 
destination; and \^ 
5 means for identifying a connecting node positioned between the at least one 

first hop one of the network appliances and the ones of the at least one next hop one of 
the network appliances as the point oftloss for data records if the number of data 
records from the source directed to the\destination obtained by one of the at least one 
first hop one of the network appliancesyiffers by a threshold amount from the number 
1 0 of data records from the source directed to the destination obtained by ones of the at 
least one next hop one of the network appliances coupled between the one of the at 
least one first hop one of the network appliances and the destination. 



23. The system of Claim 22 wherein the at least one first hop one of the 
1 5 network appliances is coupled to the sourceVwithout intervening ones of the network 

appliances being coupled between the source and the first hop one of the' network 
appliances and wherein the at least one next hop one of the network appliances is 
coupled between the at least one first hop one of the network appliances and the 
destination without intervening ones of the network appliances being coupled between 
20 the at least one first hop one of the network appliances and the at least one next hop 
one of the network appliances. 

24. The system of Claim 22 wherein the Wans for comparing the number 
of data records from the source directed to the destination obtained by one of the at 

25 least one first hop one of the network appliances with trae number of data records from 
the source directed to the destination obtained by ones of the at least one next hop one 
of the network appliances coupled between the one of theW least one first hop one of 
the network appliances and the destination further comprises means for comparing a 
number of data records from the source directed to the destination obtained by an 

30 upstream one of the network appliances with a number of data records from the source 
directed to the destination obtained by at least one downstrean\ one of the network 
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appliances coupled between thelupstream one of the network appliances and the 
destination at an adjacent downstream position for successive ones of the network 
appliances until at least one of the destination is reached or at least one of the 
connecting nodes is identified as Jhe point of loss for data records and wherein the 
5 means for identifying a connecting node positioned between the at least one first hop 
one of the network appliances and me ones of the at least one next hop one of the 
network appliances as the point of loss for data records comprises means for 
identifying a connecting node positioned between the upstream one of the network 
appliances and corresponding downstream ones of the network appliances as the point 
10 of loss for data records if the number of data records from the source directed to the 
destination obtained by the upstream one of the network appliances differs by a 
threshold amount from the number of data records from the source directed to the 
destination obtained by the corresponding downstream ones of the network 
appliances. 

15 

25. The system of Claim 24 wmerein the means for comparing a number of 
data records from the source directed to the destination obtained by an upstream one 
of the network appliances with a number of data records from the source directed to 
the destination obtained by at least one dovwistream one of the network appliances 

20 coupled between the upstream one of the network appliances and the destination at an 
adjacent downstream position is configured to compare successive ones of the 
network appliances on the topology until the destination is reached and wherein the 
means for identifying at least one of the connecting nodes as the point of loss further 
comprises means for identifying all connecting nodes positioned between upstream 

25 ones of the network appliances and corresponding Mownstream ones of the network 
appliances as points of loss for data records if the number of data records from the 
source directed to the destination obtained by respective upstream ones of the network 
appliances differs by a threshold amount from the number of data records from the 
source directed to the destination obtained by corresponding downstream ones of the 

30 network appliances. 
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26 The system of Claim 22 further comprising means for adjusting 
obtained numbers of data records from the source directed to the destination to 
compensate for in transit introduced changes to data records before comparing the 
number of data records from the\source directed to the destination obtained by one of 
the at least one first hop one of the.network appliances with the number of data 
records from the source directed to the destination obtained by ones of the at least one 
next hop one of the network appliances coupled between the one of the at least one 
first hop one of the network appliance^and the destination. 



10 27. The system of Claim 26 wherein the means for adjusting obtained 

numbers of data records comprises means for adjusting obtained numbers of data 
records from the source directed to the destination to compensate for encryption 
related changes in data records introduced byl a connecting node coupled between the 
a first hop one and at least one next hop one of the network appliances. 

15 

28. The system of Claim 22 further comprising means for defining the 
determined period of time for the at least one ficst hop one of the network appliances 
and the at least next hop one of the network appliances based on a delay between the 
at least one first hop one of the network appliances and the at least next hop one of the 
20 network appliances. 



29. The system of Claim 28 wherein the means for defining the determined 
time period further comprises means for defining the uetermined period of time for 
the at least one first hop one of the network appliancesWid the at least next hop one of 

25 the network appliances based on an average delay between the at least one first hop 
one of the network appliances and the at least next hop o^e of the network appliances 
determined over an averaging window. 

30. The system of Claim 22 further comprising rdfeans for defining the 
30 threshold amount based on an expected timing related variability between numbers of 

data records obtained by ones of the network appliances. 
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3 1 . The system of Claim 30 wherein the means for defining the threshold 

V 

amount further comprises means for defining the threshold amount based on a 
percentage of data record throughput for respective ones of the network appliances. 



32. The system of Clairm22 wherein the connecting nodes are routing 
devices selected from the group consisting of routers, bridges and switches. 

33. The system of Claim 22\wherein a network appliance is positioned 
10 between each defined connecting node in the topology and all other adjacent defined 

connecting nodes in the topology. 
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34. The system of Claim 33 wherein at least one of the defined connecting 
nodes comprises a plurality of routing devices. 

35. A computer program product for determining a point of loss for data 
records to be communicated between a source and a destination on a communication 
network based on a topology of the communication network between the source and 
the destination, the topology including a plurality of connecting nodes, the computer 
program product comprising: 

a computer-readable storage medium hiving computer-readable program code 
embodied in said medium, said computer-readable program code comprising: 

computer-readable program code which monitors a number of data records 
from the source directed to the destination passing between ones of the connecting 
nodes during a determined period of time; and 

computer-readable program code which identifies at least one of the 
connecting nodes as the point of loss based on the monitored number of data records 
and the determined topology. 
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36. The computer program product of Claim 3: 
network appliances configured to obtain a number of data 
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wherein a plurality of 
ecords passing between a 



pair of connecting nodes during a time period are positioned between respective ones 

of the connecting nodes, wherein the computer-readable program code which 

monitors further comprises: \ 

computer-readable program code which identifies at least one of the network 

\ 

appliances on the topology; and^ 

computer-readable program code which obtains the number of data records 
from the source directed to the destination obtained by the identified at least one 
network appliance during the determined period of time. 



1 0 37. The computer program product of Claim 36 wherein the computer- 

readable program code which identifies at least one of the network appliances on the 
topology and the computer-readable program code which obtains the number of data 
records from the source directed to the^lestination obtained by the identified at least 
one network appliance during the determined period of time further comprise: 
1 5 computer-readable program code t which identifies at least one first hop one of 

the network appliances which is coupled \o the source over the communication 
network; 

computer-readable program code which identies at least one next hop one of 
the network appliances which is coupled between the at least one first hop one of the 
20 network appliances and the destination; 

computer-readable program code whicl^obtains a number of data records from 
the source directed to the destination obtained bv the at least one first hop one of the 
network appliances and the at least one next hop \nc of the network appliances during 
the determined time period; and 
25 wherein the computer-readable program code which identifies at least one of 

the connecting nodes as the point of loss further comprises: 

computer-readable program code which compares the number of data records 
from the source directed to the destination obtained bwone of the at least one first hop 
one of the network appliances with the number of data records from the source 
30 directed to the destination obtained by ones of the at least one next hop one of the 
network appliances coupled between the one of the at leapt one first hop one of the 
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network appliances and the destination; and 

computer-readable program code which identifies a connecting node 
positioned between the at least one first hop one of the network appliances and the 
ones of the at least one next hop one of the network appliances as the point of loss for 
5 data records if the number of data records from the source directed to the destination 
obtained by one of the at least one fmst hop one of the network appliances differs by a 
threshold amount from the number ofvdata records from the source directed to the 
destination obtained by ones of the at feast one next hop one of the network 
appliances coupled between the one of me at least one first hop one of the network 
1 0 appliances and the destination. 

38. The computer program product of Claim 37 wherein the at least one 
first hop one of the network appliances is coupled to the source without intervening 
ones of the network appliances being coupled between the source and the first hop one 

15 of the network appliances and wherein the at least one next hop one of the network 
appliances is coupled between the at least ome first hop one of the network appliances 
and the destination without intervening oneslof the network appliances being coupled 
between the at least one first hop one of the network appliances and the at least one 
next hop one of the network appliances. 

20 

39. The computer program product o¥ Claim 37 wherein the computer- 
readable program code which compares the numqer of data records from the source 
directed to the destination obtained by one of the at least one first hop one of the 
network appliances with the number of data records from the source directed to the 

25 destination obtained by ones of the at least one next nop one of the network 

appliances coupled between the one of the at least one* first hop one of the network 
appliances and the destination further comprises computer-readable program code 
which compares a number of data records from the sourde directed to the destination 
obtained by an upstream one of the network appliances with a number of data records 

30 from the source directed to the destination obtained by at least one downstream one of 
the network appliances coupled between the upstream one §f the network appliances 
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and the destination at an^djacent downstream position for successive ones of the 
network appliances until at least one of the destination is reached or at least one of the 
connecting nodes is identified as the point of loss for data records and wherein the 
computer-readable program code which identifies a connecting node positioned 
between the at least one first hop one of the network appliances and the ones of the at 
least one next hop one of the network appliances as the point of loss for data records 
comprises computer-readable program code which identifies a connecting node 
positioned between the upstrearn one of the network appliances and corresponding 
downstream ones of the network appliances as the point of loss for data records if the 
number of data records from the source directed to the destination obtained by the 

\ 

upstream one of the network appliances differs by a threshold amount from the 
number of data records from the somrce directed to the destination obtained by the 
corresponding downstream ones of the network appliances. 



40. The computer program product of Claim 39 wherein the computer- 
readable program code which compares a number of data records from the source 
directed to the destination obtained bykn upstream one of the network appliances 
with a number of data records from the source directed to the destination obtained by 
at least one downstream one of the network appliances coupled between the upstream 
one of the network appliances and the destination at an adjacent downstream position 
compares successive ones of the network appliances on the topology until the 
destination is reached and wherein the computer-readable program code which 
identifies at least one of the connecting nodeaas the point of loss further comprises 
computer-readable program code which identifies all connecting nodes positioned 
between upstream ones of the network appliances and corresponding downstream 
ones of the network appliances as points of loss for data records if the number of data 
records from the source directed to the destinationV)btained by respective upstream 
ones of the network appliances differs by a threshold amount from the number of data 
records from the source directed to the destination obtained by corresponding 
downstream ones of the network appliances. 
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4 1 . The computer program product of Claim 37 further comprising 
computer-readable program code which adjusts obtained numbers of data records 
from the source directed to the destination to compensate for in transit introduced 
changes to data records before comparing the number of data records from the source 
directed to the destination obtained by one of the at least one first hop one of the 
network appliances with the numb^of data records from the source directed to the 
destination obtained by ones of the aUeast one next hop one of the network 
appliances coupled between the one of the at least one first hop one of the network 



appliances and the destination. 
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42. The computer program product of Claim 41 wherein the computer- 
readable program code which adjusts obtained numbers of data records comprises 
computer-readable program code which adjusts obtained numbers of data records 
from the source directed to the destination Ito compensate for encryption related 

1 5 changes in data records introduced by a collecting node coupled between the a first 
hop one and at least one next hop one of the network appliances. 

43. The computer program product of Claim 37 further comprising 
computer-readable program code which defines the determined period of time for the 

20 at least one first hop one of the network appliances and the at least next hop one of the 
network appliances based on a delay between tke at least one first hop one of the 
network appliances and the at least next hop onet of the network appliances. 

44. The computer program product of ffilaim 43 wherein the computer- 
25 readable program code which defines the determined time period further comprises 

computer-readable program code which defines the aetermined period of time for the 
at least one first hop one of the network appliances and the at least next hop one of the 
network appliances based on an average delay betweemthe at least one first hop one of 
the network appliances and the at least next hop one of tqe network appliances 
30 determined over an averaging window. 
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45. The computer program product of Claim 37 further comprising 
computer-readable program code which defines the threshold amount based on an 
expected timing related variability between numbers of data records obtained by ones 
of the network appliances. 



46. The computer pragram product of Claim 45 wherein the computer- 
readable program code which defines the threshold amount further comprises 
computer-readable program code which defines the threshold amount based on a 
percentage of data record throughput for respective ones of the network appliances. 

10 \ 

47. The computer program product of Claim 37 wherein the connecting 
nodes are routing devices selected fn)m the group consisting of routers, bridges and 
switches. 



15 48. The computer program product of Claim 37 wherein a network 

appliance is positioned between each denned connecting node in the topology and all 
other adjacent defined connecting nodes im the topology. 

49. The computer program product of Claim 48 wherein at least one of the 
20 defined connecting nodes comprises a plurality of routing devices. 
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